Tortoiseshell Group Targets IT Providers in Saudi Arabia in Probable Supply Chain Attacks

Symantec reports: A previously undocumented attack group is using both custom and off-the-shelf malware to target IT providers in Saudi Arabia in what appear to be supply chain attacks with the end goal of compromising the IT providers’ customers. The group, which we are calling Tortoiseshell, has been active since at least July 2018. Symantec has identified a total of 11 organizations hit by the group, the majority of which are based in Saudi Arabia. In at least two organizations, evidence suggests that the attackers gained domain admin-level access. Read more on Symantec’s blog.
